Meta’s push to train artificial intelligence systems on employee laptop activity has run into a serious internal security problem. According to an internal security notice seen by WIRED and three current employees familiar with the issue, potentially sensitive information collected from corporate laptops was left accessible to anyone inside the company.
The incident centers on the Model Capability Initiative, a program that began tracking Meta workers’ corporate laptops in April. The data is believed to include keystrokes, mouseclicks, and content displayed on the computer screens of Meta’s US employees.
What Meta says happened
Meta spokesperson Tracy Clayton confirmed that the company is investigating the issue. He said, “We have carefully designed this program with privacy safeguards,” and added, “we have no indication at this time that any data was improperly accessed by Meta employees.”
The internal security notice sent out Monday said “employee data across 45,000 hive tables,” had been exposed. Documents viewed by WIRED described the affected tables as including employee activity such as “full prompts and transcriptions, private conversations, people and performance data.”
That combination is why the incident has drawn immediate attention inside Meta. The issue was not only that data was collected. It was that information gathered through a controversial employee-tracking program was reportedly made broadly available within the company.
Why the tracking program was already controversial
The Model Capability Initiative was created to help train AI models. Meta executives have defended the program as necessary because the company wants AI systems to learn how to use computer software in ways that resemble human behavior.
In audio of a company meeting leaked last month, Mark Zuckerberg told employees that “AI models learn from watching really smart people do things,” and that the “average intelligence of the people who are at this company is significantly higher” than the average contractor who could be hired specifically to generate similar training data.
Employees had already raised objections before the exposure came to light. Last month, more than 1,600 employees signed an internal petition protesting the laptop surveillance effort. The petition warned that “collecting this data introduces both security and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure.”
The petitioners also questioned the safeguards around the program. One engineer wrote a widely shared internal note saying that having their laptop screen scraped for training data without consent felt like an invasion of privacy and amounted to exploitation.
How employees reacted internally
After the security failure surfaced, some employees treated it as confirmation of the risks they had already described. Internal forum posts seen by WIRED included questions about how Meta’s privacy reviews failed to prevent the breach.
Employees also asked whether everyone whose data was potentially exposed would be allowed to attend a meeting explaining what went wrong. In one internal forum where staffers are known to trade jokes, an employee posted a meme from The Office of Jim Halpert holding a sign that reads, “0 days since our last nonsense.”
Sources at Meta who were not authorized to speak publicly told WIRED that the incident has now been marked as closed, which means it was likely resolved. In an internal post to employees on Monday, Andrew Bosworth said the tracking program’s implementation had fallen short of the standards described in its privacy review. He also said findings from the incident would be shared.
Safeguards, exemptions, and unresolved tension
Meta has already adjusted parts of the monitoring program after widespread employee protest. This month, the company began offering more exemptions, according to two people familiar with the matter. Those exemptions included letting staffers briefly turn off the surveillance so they could complete sensitive tasks, such as scheduling a personal appointment.
Those changes have not ended the dispute. Some employees are still demanding that the tracking be stopped altogether.
The conflict shows how AI training programs can create internal trust problems even before they reach customers or the public. In this case, the source data came from employees’ own work machines. That made questions about access, consent, review, and containment central to the program from the beginning.
- Privacy: Employees objected to the collection of screen and activity data from corporate laptops.
- Security: The internal notice said employee data across 45,000 hive tables had been exposed.
- AI training: Meta executives have argued that the data is useful for teaching AI models how people use software.
- Workplace trust: The incident has intensified concerns already raised in an internal petition.
Why this matters for Meta’s AI push
The security incident lands during a difficult period inside Meta. Employees have already been frustrated by mass layoffs, a turbulent reorganization, and an aggressive push to develop AI models and features.
In March, Meta created a new Applied AI team and moved some 6,500 employees into new roles focused on improving AI models. Some staffers have described their new assignments as menial and “soul-crushing.”
Bosworth also sent a memo to employees last week apologizing for the company’s “atrocious” communication about the AI reorganization. He promised improvements, including clearer communication and the return of some office perks.
The exposure of employee-tracking data adds another pressure point. Meta’s AI ambitions depend on data, but this incident shows that internal data collection can become a workplace issue as much as a technical one. For employees, the question is no longer only whether AI training benefits the company. It is whether the systems built to gather that data can be trusted to protect it.